<?php
// admin : galatool = default Zugang
include_once("secret/sessionmanager.php");
initSession();
include "secret/config.php";
include "secret/attributes.php";

if (isset($_GET['logout'])) {
	unset($_SESSION['s_username']);
	unset($_SESSION['s_userid']);
	unset($_SESSION['s_userpass']);
	unset($_SESSION['s_loggedin']);
	unset($_SESSION['s_cansearch']);
	unset($_SESSION['s_caninsert']);
	unset($_SESSION['s_statusview']);
	unset($_SESSION['s_probeview']);
	unset($_SESSION['s_userman']);
	unset($_SESSION['lang']);
	unset($_SESSION['s_ogame_playerid']);
	unset($_SESSION['s_serverurl']);
	unset($_SESSION['s_allyhistory']);
	unset($_SESSION['s_diplomatic']);
	unset($_SESSION['s_hits']);
	unset($_SESSION['s_universe']);
	unset($_SESSION['s_ogameserver']);
	unset($_SESSION['s_viwerpass']);
	unset($_SESSION['s_isviewer']);
}

if (isset($_GET['language'])) {
	unset($_SESSION['lang']);
	switch ($_GET['language']) {
		case "chinese" : $_SESSION['lang']="chinese"; break;
		case "english" : $_SESSION['lang']="english"; break;
		default : $_SESSION['lang']="english"; break;
	}
}

if (!isset($_SESSION['lang'])) {
	$_SESSION['lang'] = $default_language;
}

switch ($_SESSION['lang']) {
	case "chinese" : include "languages/chinese.inc.php"; break;
	case "english" : include "languages/english.inc.php"; break;
	default : include "languages/chinese.inc.php"; break;
}

$path = $_SERVER['PHP_SELF'];
$pos = strrpos($path,"/");
$path = substr($path,0,$pos);

if (isset($_POST['username']) && isset($_POST['pass'])) {
	$loginfailure = true;
	mysql_connect($dbhost,$dbusername,$dbpassword);
	mysql_select_db($dbname);
	// todo : it's better to use mysql_escape_string to avoid sql attack
	$username = preg_replace("/[^a-zA-Z0-9_\s\-\.]/","",$_POST['username']);
	$userpass = preg_replace("/[^a-zA-Z0-9_\s\-\.]/","",$_POST['pass']);
	$query = "SELECT id,username,userpass, ogame_playerid,cansearch,caninsert,statusview,probeview,userman,allyhistory,diplomatic,universe,ogameserver,viewerpass FROM $utablename WHERE username='$username' AND (userpass=md5('$userpass') or viewerpass='$userpass') and status='active'";
	$res = mysql_query($query) or die(mysql_error());
	if (mysql_num_rows($res) > 0) {
		$line = mysql_fetch_object($res);
		$_SESSION['s_username']       = $line->username;
		$_SESSION['s_userid']         = $line->id;
		$_SESSION['s_isviewer']	= ($line->viewerpass == $userpass) ? true : false;
		if(!$_SESSION['s_isviewer']) {
			$_SESSION['s_userpass']	      = $line->userpass;
		}
		$_SESSION['s_ogame_playerid'] = $line->ogame_playerid;
		$_SESSION['s_loggedin']       = true;
		
		$_SESSION['s_serverurl']   = $_SERVER['HTTP_HOST'].$path;
		if(!$_SESSION['s_isviewer']) {
			$_SESSION['s_cansearch']   = ($line->cansearch =="true") ? true : false;
			$_SESSION['s_caninsert']   = ($line->caninsert =="true") ? true : false;
			$_SESSION['s_statusview']  = ($line->statusview =="true") ? true : false;
			$_SESSION['s_probeview']   = ($line->probeview =="true") ? true : false;
			$_SESSION['s_userman']     = ($line->userman =="true") ? true : false;
			$_SESSION['s_allyhistory'] = ($line->allyhistory =="true") ? true : false;
			$_SESSION['s_diplomatic']  = ($line->diplomatic =="true") ? true : false;
		} else {
			$_SESSION['s_cansearch']   = ($line->cansearch =="true") ? true : false;
			$_SESSION['s_caninsert']   = false;
			$_SESSION['s_statusview']  = ($line->statusview =="true") ? true : false;
			$_SESSION['s_probeview']   = ($line->probeview =="true") ? true : false;
			$_SESSION['s_userman']     = false;
			$_SESSION['s_allyhistory'] = false;
			$_SESSION['s_diplomatic']  = false;
		}
		$_SESSION['s_hits']		  = 20;
		$_SESSION['s_universe']	  = $line->universe;
		$_SESSION['s_ogameserver']	  = $line->ogameserver;
		$_SESSION['s_viewerpass'] = $line->viewerpass;
		
		$loginfailure = false;
	}

	if (!$loginfailure) {
		$query = "UPDATE $utablename SET logins=logins+1, lastlogin=NOW() WHERE id='".$_SESSION['s_userid']."'";
		$res = mysql_query($query) or die(mysql_error());
		$query = "INSERT INTO $iptablename (userid,ip,logintime) VALUES ('".$_SESSION['s_userid']."','".$_SERVER['REMOTE_ADDR']."',NOW())";
		$res = mysql_query($query) or die(mysql_error());
		$query = "SELECT id FROM $iptablename WHERE userid='".$_SESSION['s_userid']."' ORDER BY logintime ASC";
		$res = mysql_query($query) or die(mysql_error());
		if (mysql_num_rows($res) > 50) {
			$number = mysql_num_rows($res);
			$where = " id IN (";
			$i = 0;
			while ($line = mysql_fetch_object($res)) {
				if ($i < ($number-50)) $where .= $line->id.",";
				else break;
				$i++;
			}
			$where = substr($where,0,strlen($where)-1).")";
			$query = "DELETE FROM $iptablename WHERE ".$where;
			$res = mysql_query($query) or die(mysql_error());
		}
	}
}


if (!isset($_SESSION['s_loggedin']) || $_SESSION['s_loggedin'] && $_SESSION['s_serverurl'] != $_SERVER['HTTP_HOST'].$path) { // Loginseite
?>
<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title><?php echo PROGRAM_NAME; ?></title>
<meta http-equiv="content-type" content="text/html; charset=<?php echo $default_charset; ?>">
<link rel="stylesheet" type="text/css" href="secret/styles.css" />
</head>
<body>
<form action="index.php" method="POST">
<table class="standard" cellpadding="0" cellspacing="0" border="0" style="margin-top:200px; width:250px;" align="center">
<tr class="firstcolor"><td colspan="2" align="center" class="tblhead"><?php echo PROGRAM_NAME." ".VERSION; ?> - Login</td></tr>
<?php
if (isset($loginfailure) && $loginfailure) echo "<tr class=\"firstcolor\"><td colspan=\"2\" class=\"failure\">".L_LOGINFAILURE."</td></tr>\n";
if (isset($_GET['timeout'])) echo "<tr class=\"firstcolor\"><td colspan=\"2\" class=\"failure\">".L_TIMEOUT."</td></tr>\n";

?>
<tr class="firstcolor"><td style="padding-top:5px; padding-left:5px;"><?php echo L_USERNAME; ?>:</td><td style="padding-top:5px;"><input class="textfield" type="text" name="username" size="20" maxlength="20" /></td></tr>
<tr class="firstcolor"><td style="padding-top:5px; padding-left:5px;"><?php echo L_PASSWORD; ?>:</td><td style="padding-top:5px;"><input class="textfield" type="password" name="pass" size="20" maxlength="20" /></td></tr>
<tr class="firstcolor"><td colspan="2" align="center" style="padding-top:5px;"><input class="button" type="submit" name="OK" value="OK" /></td></tr>
<tr class="firstcolor"><td colspan="2" align="center"><br><?php echo L_LANGUAGE; ?><br />
<a href="index.php?language=chinese"><img src="images/ch-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=english"><img src="images/en-icon.gif" border="0"></a>
</td></tr>
<tr class="firstcolor"><td colspan="2">&nbsp;</td></tr>
<tr class="firstcolor"><td align="center"><a class="link" href="register.php"><?php echo L_REGISTER; ?></a></td>
<td align="center"><a class="link" href="lost_password.php"><?php echo L_PWLOST; ?></a></td>
</tr>
</table>
</form>
</body>
</html>
<?php
} else {
?>
   <HTML>
	<HEAD>
		<TITLE>DONE</TITLE>
		<meta http-equiv="content-type" content="text/html; charset=<?php echo $default_charset; ?>">
		<meta http-equiv="refresh" content="0; URL=secret/index.php">
		<link rel=stylesheet type="text/css" href="secret/styles.css">
	</HEAD>
	<BODY>
		<table cellpadding="0" cellspacing="0" border="0" style="width:250px;" align="center" height="100%">
		<tr><td valign="middle">
		<a class="menulink" href="secret/index.php"><?php echo INDEX_PAGEFORWARD; ?></a>
		</td>
		</tr>
	</BODY>
  </HTML>
<?php
}

?>